Agencies spend too much time on cyber defensive

The government remains on the defensive when it comes to cybersecurity.

“Right now, on the Internet, offense wins,” said Philip Reitinger, deputy undersecretary of National Protection and Programs directorate in the Homeland Security Department, during an event earlier this week sponsored by Potomac Institute in Arlington, Va.

But Reitinger and Lt. Gen. Robert Schmidle, deputy commander of the U.S. Cyber Command in the Defense Department, say there are things the government can do to make the offense a little less potent.

Schmidle said the potential development of a cyber common operational picture is an important step to lowering the success of attacks.

Advertisement

Schmidle said DoD wants to “bring these data feeds in from all of the services, agencies…that participate and that will be a real challenge.”

As much as Schmidle believes that the Cyber Command is necessary for being able “to do this defense piece the way that we need to be able to do it” the reluctance to “expose everything you do to someone else” stands in the way.

To that end, Reitinger said there are a few things agencies can do, but there are “no ruby slippers.” He said if any “entity, whether it be a public sector entity or private sector entity says it’s going to solve all of your problems then they are asking you to put on a pair of ruby slippers.”

Reitinger said there are four things that agencies and vendors can improve up on to better secure their networks.

Among those, he said, are “more secure components, greater use of strong ties enhancing authentication, use of automation and interoperability broadly so we’re able to have a set of devices and people that can react to the internet speed and an automatic way so the only barriers to collaboration are those being posed by policy as opposed to imposed on us by technology.”

Reitinger said cybersecurity remains an administration and DHS priority, placing it in the department’s top five mission areas.

“In a bipartisan way, from the past administration into this administration, there has been continual progress on defining capabilities and roles and responsibilities,” said Reitinger.

Schmidle said one thing DoD is considering is the use of technology hashing to improve their cybersecurity.

“If you were the commander of an agents cruiser, for example, that you could come up to a bridge and you could boot up your machine and you could bring up a page, whatever you need, and you could immediately tell whether or not your data base had been changed at all since the last time you looked at it,” said Schmidle.

However, one theme resounded true among Schmidle and Reitinger.

Can there be reasonable discussion of cyber issues at the unclassified level?

“I do believe we can talk about this in an unclassified way. I do believe we have to talk about this in an unclassified way and it needs to be a public dialogue about what needs to happen,” said Reitinger. Schmidle added that “raising the cadre of civilians, for example, that are deeply immersed in the theory and nature and understand cyber from a perspective that perhaps the practitioners do not; that’s a good thing, I think that’s helpful.”

On DoD focuses on the programs and policies that affect the Defense Department. Each week, Defense Reporter Jared Serbu speaks one-on-one and in depth with the people responsible for managing the inner workings of the federal government's largest department, and those who know it best.